patch: KDC default referral feature

Greg Hudson ghudson at MIT.EDU
Wed Jan 2 12:26:37 EST 2013

On 01/02/2013 11:16 AM, Richard Silverman wrote:
> I submitted a pull request to the MIT Kerberos GitHub repository 12 days
> ago:


Thanks for submitting this.  I've redirected this thread to
krbdev at, which is for discussing MIT krb5 development.
kerberos at is for discussing usage of Kerberos 5 and isn't
specific to the MIT krb5 implementation.

I did glance at this when you sent it in, but we haven't had a chance to
discuss it as a team.  While we very much appreciate any contribution,
we have a number of requirements for accepting new features, some of
which are documented at:

The most important requirement is an evaluation of whether we want the
new feature at all, or want it with design changes.  Our process for
this is to have a write-up of the proposal as a "project page" on the
wiki and discuss it on this list.  Personally, I have some concerns that
this feature is too specific within the general space of producing realm
referrals, and carries too great a risk of causing referral loops.  (I'm
also not sure why you can't get almost all of the desired behavior with
the existing [domain_realm] referral support.)

A second requirement is that we only apply new changes to master, not to
a release branch.  Both the KDC code and our documentation source format
have changed significantly since 1.10.

We would also require a new change like this to have automated tests.

More information about the krbdev mailing list